LinkedIn Files Lawsuit against Hackers Creating Thousands of Fake Accounts

LinkedIn has filed a lawsuit against hackers who have violated the site's policy against creation of numerous fake accounts.

The professional social networking site noticed the unusual transactions of the hackers after they saw several member profiles were being viewed by the alleged fake accounts since May 2013.

LinkedIn already disabled those fake accounts and enhanced its security. It decided to push through with the lawsuit even if the identity of the hackers are still unknown.

“It undermines the integrity and effectiveness of LinkedIn’s professional network by polluting it with thousands of fake member profiles,” Jonathan Blavin, a lawyer for the company, said in the complaint.

The site said that the event transgressed not only its terms but the California Comprehensive Computer Access and Fraud Act, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act as well.

The site’s terms of use prohibit “scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its members.” In simple context, the site only allows one genuine profile for each member, but that is difficult to regulate.

According to PC Mag, these hackers have bypassed the site’s security measures like UCV (Captchas, Sentinel) which limits consecutive requests from the same IP address, and FUSE, which limit account activity. They even employed an automated process to generate multiple fake profiles, thus, allowing them to view thousands of genuine accounts and scrape profiles for data. Some of those hackers even used Amazon Web Services.

To protect its users, the Mountain View, Calif.-based social networking site will request Amazon to hand them all information ties to the accounts recognized by LinkedIn.

“We're a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn,” LinkedIn said in a statement.

In May 2013, LinkedIn added a two-factor authentication wherein those who opt in will have to key in a numeric code sent to their phone through SMS every time log in aside from their regular password.